Detection of cloned communication united based on message contents

ABSTRACT

A method (FIG.  3 ), corresponding call screening unit, and base station (FIG.  2 ), suitable for detecting cloned communication units ( 111  or  113 ), are operable to receive a first response message and a second response message ( 305 ); determine whether identification fields (ESNs, MINs) corresponding to the response messages are equivalent ( 307 ); and if so, assess whether message contents or message properties corresponding to the response messages are not correlated ( 311 ) thus indicating the response messages are from different communication units; and when not correlated, decide that one of the response messages corresponds to a cloned communication unit ( 313 ).

FIELD OF THE INVENTION

This invention relates in general to communication systems, and morespecifically to a method and apparatus for detecting clonedcommunication units based on message contents.

BACKGROUND OF THE INVENTION

One problem that operators and users of communications systems andparticularly wireless communication systems often need to address isthat of security or privacy for communications on these systems. Thisproblem may be particularly pronounced is systems that provide serviceto a multitude of users via communications units, such as cellularphones. One technique used by ne'er-do-wells to monitor another'scommunication is using a cloned communication unit or phone, where acloned unit is configured to duplicate all identificationcharacteristics, such as identification/serial numbers of alegitimate/authorized phone.

Many such systems and standards that define such systems includeprovisions for authorizing and authenticating communication units thatutilize the services. For example the cellular system defined by thewell known IS-2000 standards specifies procedures for authentication,however these procedures and the requisite equipment can be a financialburden for a system operator and typically add latency to obtaining oracquiring services, e.g. while the phone is being authenticated, etc.

Clearly a need exists for cost effective approaches for detecting clonedcommunication units.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying figures where like reference numerals refer toidentical or functionally similar elements throughout the separate viewsand which together with the detailed description below are incorporatedin and form part of the specification, serve to further illustratevarious embodiments and to explain various principles and advantages allin accordance with the present invention.

FIG. 1 depicts, in a simplified and representative form, a block diagramof a communications system suitable for employing duplicatecommunication unit detection;

FIG. 2 depicts, in a simplified and representative form, a base stationsuitable for use in the communications system of FIG. 1, the basestation implementing a call screening unit for detecting clonedcommunication units; and

FIG. 3 depicts a flow chart illustrating a method embodiment ofdetecting cloned communication units.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT

In overview, the present disclosure concerns communications systems thatprovide service to communications units or more specifically usersthereof operating therein. More particularly various inventive conceptsand principles embodied in methods and apparatus for the detection ordiscovery of cloned or duplicated communication units are discussed. Thecommunications systems of particular interest are those being deployedsuch as CDMA2000 spread spectrum systems although the principles andconcepts can have application in many other wide area or local areasystems where differences between a cloned and unauthorized versusauthorized communication unit can be detected or discovered based ondifferences between signals that are provided by such units.

As further discussed below various inventive principles and combinationsthereof are advantageously employed to detect or discover a cloned orduplicated communication unit based on expected or resultant impacts oninbound signals that can result from such units, thus alleviatingvarious problems associated with cloned communication units, such as themonitoring of legitimate communications with authorized communicationunits. This is accomplished in a cost effective low latency mannerprovided these principles or equivalents thereof are utilized. Thedisclosed approaches can be used in conjunction with otherauthentication or authorization techniques and equipment and still yielda low latency approach, at least until a possible cloned unit isdetected thereby causing a mote thorough authentication process, etc. tobe utilized.

The instant disclosure is provided to further explain in an enablingfashion the best modes of making and using various embodiments inaccordance with the present invention. The disclosure is further offeredto enhance an understanding and appreciation for the inventiveprinciples and advantages thereof, rather than to limit in any mannerthe invention. The invention is defined solely by the appended claimsincluding any amendments made during the pendency of this applicationand all equivalents of those claims as issued.

It is further understood that the use of relational terms, if any, suchas first and second, top and bottom, and the like are used solely todistinguish one from another entity or action without necessarilyrequiring or implying any actual such relationship or order between suchentities or actions.

Much of the inventive functionality and many of the inventive principlesare best implemented with or in software programs or instructions andintegrated circuits (ICs) such as general purpose processors orapplication specific ICs. It is expected that one of ordinary skill,notwithstanding possibly significant effort and many design choicesmotivated by, for example, available time, current technology, andeconomic considerations, when guided by the concepts and principlesdisclosed herein will be readily capable of generating such softwareinstructions and programs and ICs with minimal experimentation.Therefore, in the interest of brevity and minimization of any risk ofobscuring the principles and concepts according to the presentinvention, further discussion of such software and ICs, if any, will belimited to the essentials with respect to the principles and concepts ofthe preferred embodiments.

Referring to FIG. 1, a simplified and representative block diagram of acommunications system 101 suitable for using various embodiments of acloned communication unit detection method and apparatus will bedescribed and discussed. The FIG. 1 exemplary communication system 101is generally known and depicts a base station 103 that is intercoupledto a mobile switching center 105 along with other base stations 109. Themobile switching center 105 is arranged to inter couple communicationsfrom or to the appropriate base stations and a public switched network,such as a public switched telephone network. The base stations operateto support an air interface with a multitude of communication units,where base station 103 is shown with a radio link or air interface totwo communication units 111, 113. Note that actual communication systemsmay be significantly more complex and include various additional knownentities, such as base site controllers, billing, authorization,authentication, and voice mail servers that are not germane to thepresent discussions and thus for the sake of simplicity have not beendepicted.

Unfortunately, one of these communication units, such as unit 111 can bean unauthorized communication unit, such as a cloned version ofcommunication unit 113. Cloned or duplicated communication units are onemeans or approach that may be used for unauthorized monitoring ofanother communication or other mischief. Normally this is illegal,however it may be necessary to take additional measures to preclude suchactivities. A cloned communication unit normally refers to a unit thatassumes the identity of another and authorized communication unit. Thusthe cloned communication unit, for example will have the same ESN(electronic serial number) or MIN (mobile ID number or mobile phonenumber). Therefore, whenever one or both of these numbers are useddirectly or in a derivative form to convey identity between thecommunication system or portion thereof and the communication unit, bothunits are likely to send or receive the same information.

For example for CDMA communication units the cloned information cancomprises the Electronic Serial Number (ESN)—a 32-bit number used bymanufacturers to uniquely identify the communication hardware or deviceand a Mobile Identification Number (MIN)—a 34-bit number that is adigital representation of the 10-digit number assigned to acommunication unit. The 10-digit number referred to here is usually themobile station's phone number. Many CDMA standards use these two piecesof information extensively, for many different purposes. If two phonesor communication units are programmed with identical values for thesetwo parameters, the network will have a very difficult timedistinguishing the real phone from the clone because, for example, thesedevices or units will transmit and receive using the same physical layerscrambling or spreading sequences, use the same information when tellingthe network their identities, choose the same Paging Channel Slots andchoose the same Access Channel Slots.

Continuing our example a cloned phone can be used to monitor theconversation of a network-initiated call to a legitimate communicationunit, at least when the illegal or cloned device is reasonablyphysically proximity to the authorized communication unit as follows.The Network, e.g. base station will transmit a Page Message or GeneralPage Message on the Paging Channel in the last-known area where thecommunication unit or mobile station registered. Both the real orauthorized communication unit and cloned communication unit or phonesare monitoring the correct Paging Channel Slot, so both receive thismessage. Both the real and clone phones attempt to transmit a PageResponse Message on the Access Channel. Both phones will place the sameidentity information in the Page Response Message. Both phones willnormally place identical other information in the Page Response Message.The other or remaining information (besides identity information) isdetermined by system information and the contents of the received PageMessage or General Page Message. Both phones will attempt to use thesame Access Channel to transmit the Page Response Message; e.g. on of upto 32 Access Channels per paging channel.

If the network receives Page Response Messages from both phones and theLayer 2 sequence information (ESN, MIN, etc.) in those messages areidentical, the network (by specification) considers the second receivedmessage to be a re-transmission, declares the second one a duplicate andignores it. The Network will receive one of the identical transmissionsand will acknowledge reception by sending a Base Station AcknowledgementOrder on the Paging Channel. Both phones will receive this message andwill stop attempting to transmit the Page Response Message on the AccessChannel. The remaining signaling is identical and will be processed bythe Network and both phones similarly. Once the “call” is connected tothe Traffic Channel, the clone can demodulate the forward link intendedfor the real phone because it uses the same forward link scramblingcode.

In order to detect such cloned communication units and overcome theresultant problems, the communication system is advantageously modifiedin accordance with the inventive principles and concepts discussedbelow.

Referring to FIG. 2, a simplified and representative block diagram of abase station suitable for use in the communications system of FIG. 1will be described and discussed. The base station implements andutilizes a call screening unit for detecting cloned communication units.The base station is coupled to an antenna 203 via a transceiver 205.Typically a base station will have a plurality of such transceivershowever the relevant operation of one is sufficient to explain theprinciples and concepts according to the present invention. Thetransceiver is known and can vary with the access technology butoperates as a receiver and transmitter for receiving and transmittingradio signals via the antenna 203 to communications units, such as units111, 113, within a respective coverage area.

The transceiver is coupled to an input/output 207 of the call screeningunit 209 and the system is further coupled to the balance of a radioaccess network at 211, such as base station controllers, mobileswitching centers and the like. The call screening unit 209 includes aprocessor 213 coupled to a memory 215. The call screening unit caninclude for example a data processing system that can comprise variousfunctionality suitable for handling other signal processing duties, suchas supporting an air interface with communication units or base stationcontrolling duties as will be appreciated in the field. The processor213 can be comprised of one or more general purpose processors ordigital signal processors and application specific integrated circuitswith a processing core, etc all of which are generally available andwill be known to one of ordinary skill. The memory is also known and canbe comprised of various combination of random access memory, read onlymemory, magnetic memory and so forth.

The memory is used to store various operating subroutines or softwareinstructions, variables, and data. When the processor executes theappropriate routines the data processing system will operate to controland support the base station and the call screening unit will operate todetect or discover cloned or duplicated communication units as furtherdescribed below. The various routines include, as generally depicted, anoperating system, variables, and data routine 217 that provides theoverall operational structure and functionality. Further included arevarious air interface routines 219 that can vary with the accesstechnology and specific architecture of the base station andcommunication system but that generally support functions for an airinterface, such as channel coding, modulation, transmitter control,receiver control, demodulation, call processing and the like as will beappreciated by one of ordinary skill.

Other routines, specifically depicted and largely devoted to the callscreening unit functionality include an identification field comparisonroutine 221, a routine 223 for comparing message properties, such astime of arrival, and a routine 225 for comparing message content, suchas environmental information (radio environment report) are shown. Thesecomparison routines are used to determine whether various informationassociated with or corresponding to different response messages indicatewhether the respective response messages originated with a cloned unit,e.g. detect a cloned unit as will be further discussed below. Then aroutine 227 provides an indication of a cloned communication unit underappropriate circumstances, where the indication may be used to deny ordiscontinue service, send appropriate service messages to the unit(s) orother communication system entities in a system management role or otherwise initiate appropriate action.

Further depicted is a portion of memory 229 for storing thresholds forvarious of the comparison routines, such as the content and propertiescomparison routines 221, 223 and these thresholds may depend on variouscircumstances, such as the particular parameter that is being compared,system preferences, and so forth. An additional data base 231 comprisesmobile station or communication unit identifying information, such asESNs, MINs, message sequence numbers, etc. that are used to coordinatecommunications with particular communication units. Various otherroutines 233, such as user and service interface, alarms and the likeroutines, possibly other applications that will be appreciated by one ofordinary skill but not here relevant are normally also included.

In this embodiment the call screening unit 209 is depicted as a portionof a controller and data processing system and co-located with the basestation 103 and represents incremental processing duties for theprocessing and control functions of the base station. Note that it maybe appropriate to locate this data processing function at otherlocations or points within the communication system. Other locations,such as a base site controller or the MSC 105 could offer an advantageof a centralized point for this processing for several or all of thebase stations, however there could be a tradeoff with the added resourcecosts of transporting the underlying information and any incrementallatency resulting from such transport.

In operation the call screening unit 209 is operable to detect or fordetecting cloned (duplicated, unauthorized) communication unitsoperating in a communication system, such as a cdma2000 system. The callscreening unit 209 comprises an input, such as input 207 that is coupledto a signal further comprising a first response message and a secondresponse message, that was received, for example by the transceiver 205,and a processor 213 that is coupled to the input and operable todetermine whether the first response message and the second responsemessage originated from a cloned communication unit, such as one ofcommunication units 111, 113. Note that the response messages aremessages that are received, for example, on an access channel in acdma2000 system.

More specifically the processor is operable using the routines 221: todetermine whether a first identification field corresponding to thefirst response message is equivalent to a second identification fieldcorresponding to the second response message. In one embodiment theprocessor determines whether the Mobile ID numbers (MINs—mobile phonenumbers) and Electronic Serial Numbers (ESNs) for the correspondingmessages are the same and if so whether the message sequence numbers arethe same. When the first identification field is equivalent to thesecond identification field, the processor using the routines 225, 223is further operable to assess whether a first message content or a firstmessage property corresponding to the first response message is notcorrelated, respectively, with a second message content or a secondmessage property corresponding to the second response message. If therespective content and properties are not correlated, e.g. deviate fromexpected such content and properties, this indicates that the responsemessages are not duplicate response messages, e.g. did not originatefrom the same communication unit. Thus when the respective content andproperties are not correlated, the processor, using the routine 227,operates to determine, to declare, or to decide that one of the firstresponse message and the second response message corresponds to a clonedcommunication unit.

In one embodiment, the call screening unit specifically the processor indetermining whether the respective contents are not correlated isoperable, using the routine 225 to assess whether first environmentalinformation is not correlated with second environmental information,where the first and second environmental information correspondrespectively to an environment of a first and second communication unitthat is, respectively the source of the first and the second responsemessage. This environmental information may take various forms includinginformation corresponding to a radio environment or a geographiclocation, respectively, the first and the second communication unit. Theradio environment can correspond to signals available or strength ofavailable signals for, respectively, the first and the secondcommunication unit and the location information can be GPS (globalpositioning system) coordinates or other latitude-longitude coordinatesderived in one of various known manners and according to what means maybe available to the communication units.

More specifically the radio environment can comprises a radioenvironment report (RER) according to a code division multiple access(CDMA) system, such as the RER that can be provided with the responsemessage in a cdma2000 system as will be further discussed below. Thebasic concept is that the authorized communication unit and the clonedcommunication unit are unlikely to be in the same exact location andthus unlikely to be able to detect or receive exactly the same signalsat the same power levels. Thus if the radio environments correspondingto the respective response messages are not correlated or sufficientlyun-correlated, e.g. different, it is likely that a cloned communicationunit is the originator of one of the response messages. Of course theRERs may be somewhat different, (the response messages will not havebeen sent at the same time especially if one is a repeat responsemessage from the same unit) and still be correlated, for example smalldifferences is power levels. It is expected that one of ordinary skillgiven the present disclosure can experimentally determine an allowabledifference between RERs taking into consideration the difference inorigination times, thus radio environment, for a repeat message and thecosts of making an erroneous decision that a cloned unit has beendetected.

In a further embodiment the processor in determining whether the messageproperties are not correlated is further operable, using the routine223, to assess whether a first arrival time of the first responsemessage is not correlated with a second arrival time of the secondresponse message. Note that in many communication systems acommunication unit will repeat messages a number of times if anacknowledgment of the message is not received. Thus some attempt todistinguish ordinary repeated response messages originated by anauthorized communication unit from duplicated response messages sent bya cloned communication unit may be required Typically these repeatedmessages are transmitted from the mobile with certain schedulinglimitations, e.g. a minimum time lapse before a message is repeated aswill be discussed further below. Thus if a time of arrival for eachresponse message is recorded, the processor can further compare thefirst and the second arrival time to provide a relative arrival time andwhen the relative arrival time satisfies a threshold from location 229determine that the first message property is not correlated with thesecond message property.

Once it is decided that one of the first response message and the secondresponse message corresponds to the cloned communication unit, theprocessor can operate to initiate a denial of service to anycommunication unit corresponding to the first identification field (notethe second identification field has been found to be equivalent). Thiscan take the form of a release message being initiated by the processorand sent via the transceiver 205 to the communication unit(s) in acdma2000 communication system where this message need not specify anyreasons. Alternatively or additionally the denial of service can furtherinclude the processor operating to initiate sending a text message tothe communication unit(s) corresponding to the first identificationfield, where this message may direct the operator or user to call anumber, have the unit serviced, or the like.

In one example system, namely a cdma2000 system, where the informationin the Page Response Message transmitted from both phones, e.g.authorized communication unit and cloned communication unit, areidentical under normal conditions, the network can use optionalinformation known as the Radio Environment Report to find a difference.Note that the RER is included in the Page Response Message as amandatory element in cdma2000 systems that operate at a protocolrevision of 6 or higher. In earlier revisions the network can specifythat the RER be included (see 3.7.2.3.2.13 Extended System ParametersMessage, “PILOT REPORT” of the 3GP2 C.S0005-0 Upper Layer SignalingStandard for cdma2000 Spread Spectrum Systems standard).

Typically the Radio Environment Report is a report from thecommunication unit regarding its received pilot energies (Ec/Io) fromany base stations in the unit's vicinity. Note that the specificcontents of the RER is defined in 2.1.1.4.1.2.1 of Signaling Link AccessControl (LAC) Specification for cdma2000 Spread Spectrum Systems whichis a standards document used to define Layer 2 operation for CDMAcellular systems. The network uses this information to determine if themobile station can be connected to more than one base station during themobile's transition to operation on the Traffic Channel. Assigning amobile station to more than one base station is referred to as ChannelAssignment into Soft Handoff. The RER normally will provide uniqueinformation for every communication unit that reports this information,since the pilot strength measurements will vary between physicallocations. Because the RER is based upon communication unit or mobilemeasurements, the cloned unit cannot provide a duplicate to the real orauthorized unit's RER. The network can use this content difference todetect that a cloned phone is also trying to answer a network-initiatedcall.

Thus when the network or base station sends a Page Message or GeneralPage Message to the mobile station, the base station will listen for aPage Response Message on the Access Channel (or Extended AccessChannel). When the network receives Page Response Messages from both theclone and the real communication unit or mobile station, the normal orLayer 2 software (basic connection software) will still decide that themessages are duplicates. This is because Layer 2 only looks atidentification including sequence number information. A further step ofcomparing the RER information from both messages can decide or determinethat the messages are unique, even though the remaining information isidentical. Thus the clone communication presence can be detected bycomparing RER information from 2 received Page Response Messages. Ifnormal software or message processing declares the messages to beduplicates, but the RER content is different, one of the Page ResponseMessages is declared to be from a clone.

One example in a cdma2000 communication system of the properties of theresponse message being not correlated, more specifically of the time ofarrival not being correlated, will be discussed. The call screening unitor processor will need to determine, given the time of arrival (TOA) ofthe response messages, whether a communication unit operating accordingto the standard specified terms and conditions could have sent bothresponse messages or in other words how long a mobile would wait beforeresending the original access probe if it failed to get the BTS AckOrder or acknowledgment from the base station. According to the cdma2000Standards, once the mobile sends the access probe (i.e. Page Responsemessage), it will start an access timer and wait for the BTS toacknowledge receipt of the access probe. This time period is defined as:TO=(2+ACH _(—) ACC _(—) TMO)×80 msThe access timeout value used by the mobile station is driven by theACH_ACC_TMO variable. This variable is actually set via the ACC_TMOfield in the Access Parameters message. The valid range for this fieldis 0-17; thus, the access timeout used by the mobile can range from 160ms to 1360 ms. The ACC_TMO field is configurable and changeable via theDB:AccTmo database parameter. Different suppliers of equipment can usedifferent values for this parameter or it can be changed in the field.If the default value is ‘1’, then TO=(3) 80 ms=240 ms. Thuscommunication units or phones accessing this system should wait at least240 ms for a BTS Ack Order message after repeating a response message,e.g. before timing out and sending a subsequent access probe. Thereforeif a base station or call screening unit observes a relative TOA,difference between response messages of less than 240 ms, this propertyis not correlated and the base station or call screening unit can decidethat a cloned communication unit was the originator of one of theresponse messages.

The call screening unit or other suitable apparatus can beadvantageously used in a base station to detect cloned communicationunits, e.g. detecting unauthorized communication units, in, for examplea communication system that is using a code division multiple access airinterface protocol, such as the protocol defined by the cdma2000standards promulgated by the 3GPP2 task force. As a brief review, thebase station in this system comprises a receiver operable to receive,responsive to a page message, a first response message and a secondresponse message and a processor. The processor is operable: todetermine whether a first identification field corresponding to thefirst response message is equivalent to a second identification fieldcorresponding to the second response message; if so to assess whether afirst radio environment report corresponding to the first responsemessage is not correlated, respectively, with a second radio environmentreport corresponding to the second response message; and when this isso, to decide that one of the first response message and the secondresponse message corresponds to a cloned communication unit. Therespective identification fields can comprise one or more of anelectronic serial number, mobile identification number, and messagesequence number and the first environmental report comprises informationcorresponding to other radio signals that are available to thecommunication unit. Furthermore in some embodiments the base stationspecifically the processor, prior to the deciding, is further operableto assess whether a relative arrival time corresponding to the firstresponse message and the second response message satisfies a threshold.

Referring to FIG. 3, a flow chart illustrating a method embodiment ofdetecting cloned communication units will be discussed and described.The method of FIG. 3 can be performed or practiced by the apparatus orcall screening unit of FIG. 2 or other apparatus with similarfunctionality or capability. The FIG. 3 flow chart illustrates a methodof detecting duplicated or cloned communication units, for example byvirtue of signals on an inbound access channel, and begins at 301. At303 a page message is sent to a communication unit. At 305 a signal,responsive to the page message, is received, where the signal, forexample comprises a first response message and a second responsemessage, each response message comprising identification fields, such asMINs, ESNs, and message sequence numbers in a cdma2000 communicationsystem. Furthermore each response message comprises one or both ofcontent, for example a radio environment report (RER) or locationindicia, and properties, such as a time of arrival (TOA). At 307 it isdetermined whether a first identification field corresponding to thefirst response message is equivalent to a second identification fieldcorresponding to the second response message, or specifically whetherthe MINs and ESNs are equivalent. If the MINs and ESNs are not identicalthe response messages are not duplicates and at 309, an acknowledgmentis sent to the proper communication unit (unit with MIN, ESN that pagemessage was sent to) and the response message is forwarded to thenetwork (MSC, etc.). Note that this is a “normal” mode of operation formany networks.

Then at 311 when the first identification field is equivalent to thesecond identification field, the method assesses whether a first messagecontent or a first message property corresponding to the first responsemessage is not correlated, respectively, with a second message contentor a second message property corresponding to the second responsemessage. If the content or property of the respective response messagesis not correlated, at 313 it is determined or decided that one of thefirst response message and the second response message corresponds to acloned communication unit. At 315 service is denied or discontinued forthe communication unit corresponding to the identification field, ESNand MIN, and optionally a text message is sent to this (these)communication units, indicating for example that service is required orthe like and the method ends at 317.

More detailed embodiments of the process at 311 will now be explainedwith reference to 319-325. At 311, sequence numbers for the responsemessages are checked for a match. If they do not match a clonedcommunication unit has been detected and 313 followed by 315 areperformed. If the sequence numbers match, 321 and 323 further assesswhether first environmental information is not correlated with secondenvironmental information, where the first and second environmentalinformation corresponds to an environment of a first and secondcommunication unit that is, respectively the source of the first and thesecond response message. More specifically 321 determines whether thecontents of the response messages are not correlated, where the contentscorrespond, for example, to a radio environment, such as one or both ofsignals available and strength of available signals (for example a radioenvironment report (RER) for a CDMA system), or a location, such asknown GPS coordinates for, respectively, the first and the secondcommunication unit. Note that in some systems the page message willrequest that contents be provided in the response message, for examplein some versions of cdma2000 systems the page message that is sent willindicate that an RER is to be provided by the communication unit withthe response message. If the contents are not correlated, indicating theresponse messages are from different communication units, a clonedcommunication unit has likely been detected and 313 followed by 315 areperformed.

If the contents are correlated at 321, then 323 in assessing whether thefirst message property is not correlated with the second messageproperty further assesses whether a first arrival time (time ofarrival—TOA) of the first response message is not correlated with asecond arrival time of the second response message. More specifically insome embodiments the first and the second arrival time are compared toprovide a relative arrival time (delta TOA) and when the relativearrival time satisfies a threshold determining that the first messageproperty is not correlated with the second message property. Thethreshold is a time out (TO) value for the communication unit and thisvalue is often a system configurable value designating the minimumamount of time a given communication unit must wait before sending arepeated response message as discussed above. Thus if the relativearrival time is less than the time out value (delta TOA<TO) it is likelythat a cloned communication unit has been detected and hence 313followed by 315 are performed. If the relative time of arrival of theresponse messages are correlated at 323 then 325 sends an acknowledgemessage to the communication unit, discards the duplicate responsemessage and forwards the remaining response message to the network.

While the method of FIG. 3 may be advantageously practiced in a basestation other entities within the network may be utilized to practicethe method in total or in part. Also note that any access technology(time division multiple access or frequency division multiple access orcombinations for example) that can force or specify messagecharacteristics such as content or properties such that authorized andcloned communication units can be distinguished based on differences indata transmission characteristics is a candidate for using theprinciples and concepts disclosed herein.

Thus an apparatus and methodology has been disclosed and described thatprovides a low latency, low cost technique for detecting clonedcommunication units on an inbound channel, for example an accesschannel. Various embodiments of methods, systems, and apparatus fordetecting cloned or duplicated communication units so as to facilitateand provide for identification and service denial for such units in anefficient and timely manner have been discussed and described. It isexpected that these embodiments or others in accordance with the presentinvention will have application to many wide area networks as well aswireless local area networks. The disclosure extends to the constituentelements or equipment comprising such systems and specifically themethods employed thereby and therein. Using the inventive principles andconcepts disclosed herein advantageously allows or provides for lowlatency and low network overhead detection of cloned communicationsunits or devices, which can be beneficial to users and service providersa like.

This disclosure is intended to explain how to fashion and use variousembodiments in accordance with the invention rather than to limit thetrue, intended, and fair scope and spirit thereof. The foregoingdescription is not intended to be exhaustive or to limit the inventionto the precise form disclosed. Modifications or variations are possiblein light of the above teachings. The embodiment(s) was chosen anddescribed to provide the best illustration of the principles of theinvention and its practical application, and to enable one of ordinaryskill in the art to utilize the invention in various embodiments andwith various modifications as are suited to the particular usecontemplated. All such modifications and variations are within the scopeof the invention as determined by the appended claims, as may be amendedduring the pendency of this application for patent, and all equivalentsthereof, when interpreted in accordance with the breadth to which theyare fairly, legally, and equitably entitled.

1. A method in a base station of detecting cloned communication units,the method comprising: receiving, responsive to a page message, a firstresponse message and a second response message; determining whether afirst identification field corresponding to the first response messageis equivalent to a second identification field corresponding to thesecond response message; when the first identification field isequivalent to the second identification field, assessing whether one ofa first message content and a first message property corresponding tothe first response message is not correlated, respectively, with one ofa second message content and a second message property corresponding tothe second response message indicating that one of the first responsemessage and the second response message does not correspond to a clonedcommunication unit; when one of a first message content and a firstmessage property corresponding to the first message is correlated,respectively, with one of a second message content and a second messageproperty corresponding to the second response message, assessing whetherthe other of the first message content and a first message propertycorresponding to the message is not correlated, respectively, with theother of the second message content and the second message propertycorresponding to the second response message; and when the other of thefirst message content and the first message property is not correlated,respectively, with the other of the second message content and thesecond message property, deciding that one of the first response messageand the second response message corresponds to a cloned communicationunit.
 2. The method of claim 1 wherein the assessing whether the otherof the first message is not correlated with the other of the secondmessage content further comprises assessing whether first environmentalinformation is not correlated with second environmental information, thefirst and second environmental information corresponding to anenvironment of a first and second communication unit that is,respectively the source of the first and second response message.
 3. Themethod of claim 2 wherein the first and second environmental informationcorresponds to one of a radio environment and a location for,respectively, the first and second communication unit.
 4. The method ofclaim 3 wherein the radio environment corresponds to one of signalsavailable and strength of available signals for, respectively, the firstand the second communication unit.
 5. The method of claim 3 wherein theradio environment further comprises a radio environment report accordingto a code division multiple access system.
 6. The method of claim 1wherein the assessing whether the other first message property is notcorrelated with the other second message property further comprisesassessing whether a first arrival time of the first response message isnot correlated with a second arrival time of the second responsemessage.
 7. (canceled)
 8. The method of claim 1 further comprisingsending the page message, the page message requiring message content inany response message.
 9. The method of claim 1 wherein, responsive todeciding that one of the first response message and the second responsemessage corresponds to the cloned communication unit, the method furthercomprises denying service to any communication unit corresponding to thefirst identification field.
 10. The method of claim 9 wherein thedenying service further comprises sending a text message to the anycommunication unit corresponding to the first identification field. 11.A call screening unit in a communication system, the call screening unitoperable to detect cloned communication units operating in thecommunication system and comprising: an input for receiving a firstresponse message and a second response message; and a processoroperable: to determine whether a first identification fieldcorresponding to the first response message is equivalent to a secondidentification field corresponding to the second response message; whenthe first identification field is equivalent to the secondidentification field, to assess whether one of a first message contentand a first message property corresponding to the first response messageis not correlated, respectively, with one of a second message content asecond message property corresponding to the second response messageindicating that one of the first response message and the secondresponse message does not correspond to a cloned communication unit,when one of a first message content and a first message propertycorresponding to the first message is correlated, respectively with oneof a second message content and a second message property correspondingto the second response message assessing whether the other of the firstmessage content and a first message property corresponding to themessage is not correlated, respectively, with the other of the secondmessage content and the second message property corresponding to thesecond response message; when the one of the other first message contentand the first message property is not correlated, respectively, with theone of the other second message content and the second message property,to decide that one of the first response message and the second responsemessage corresponds to a cloned communication unit.
 12. The callscreening unit of claim 11 wherein the processor is further operable toassess whether first environmental information is not correlated withsecond environmental information, the first and second environmentalinformation corresponding to an environment of a first and secondcommunication unit that is, respectively the source of the first and thesecond response message.
 13. The call screening unit of claim 12 whereinthe first and the second environmental information corresponds to one aradio environment and a location for, respectively, the first and thesecond communication unit.
 14. The call screening unit of claim 13wherein the radio environment corresponds to one of signals availableand strength of available signals for, respectively, the first and thesecond communication unit.
 15. The call screening unit of claim 13wherein the radio environment further comprises a radio environmentreport according to a code division multiple access system.
 16. The callscreening unit of claim 11 wherein the processor is further operable toassess whether a first arrival time of the first response message is notcorrelated with the second arrival time of the second response message.17. (canceled)
 18. The call screening unit of claim 11 wherein,responsive to deciding that one of the first response message and thesecond response message corresponds to the cloned communication unit,the processor is further operable to initiate denial of service to anycommunication unit corresponding to the first identification field. 19.The call screening unit of claim 19 wherein the denial of servicefurther includes the processor operating to initiate sending a textmessage to the any communication unit corresponding to the firstidentification field.
 20. A base station operable to detect clonedcommunication units, the base station comprising: a receiver operable toreceive, responsive to a page message, a first response message and asecond response message; and a processor operable: to determine whethera first identification field corresponding to the first response messageis equivalent to a second identification field corresponding to thesecond response message to determine whether a first sequence numbercorresponding to the first response message is equivalent to a secondsequence number corresponding to the second response message indicatingthe first response message and the second response message do notcorrespond to a cloned communication unit; when the first identificationfield is equivalent to the second identification field, to assesswhether a first radio environment report corresponding to the firstresponse message is not correlated, respectively, with a second radioenvironment report corresponding to the second response message; whenthe first radio environment report is not correlated with the secondradio environment report, to decide that one of the first responsemessage and the second response message corresponds to a clonedcommunication unit.
 21. The base station of claim 20 wherein the firstidentification field comprises one of an electronic serial number,mobile identification number, and message sequence number and the firstenvironmental report comprises information corresponding to other radiosignals that are available.
 22. (canceled)